SB 503: Health care services: artificial intelligence.

Existing law provides for the licensure and regulation of health facilities and clinics by the State Department of Public Health.

Existing law requires a health facility, clinic, physicians office, or office of a group practice that uses generative artificial intelligence to generate written or verbal patient communications pertaining to patient clinical information, as defined, to ensure that those communications include both (1) a disclaimer that indicates to the patient that a communication was generated by generative artificial intelligence, as specified, and (2) clear instructions describing how a patient may contact a human health care provider, employee, or other appropriate person. Existing law exempts from this requirement a communication read and reviewed by a human licensed or certified health care provider.

This bill would require developers and deployers of artificial intelligence systems to make reasonable efforts to identify artificial intelligence systems used to support clinical decisionmaking or health care resource allocation that are known or have a reasonably foreseeable risk for biased impacts in the systems outputs resulting from use of the system in health programs or activities. The bill would require developers and deployers to make reasonable efforts to mitigate the risk for biased impacts in the systems outputs resulting from use of the system in health programs or activities. The bill would require deployers to regularly monitor these artificial intelligence systems and take reasonable and proportionate steps to mitigate any bias that may occur. The bill would specify that a person, partnership, state or local governmental agency, or corporation may be both a developer and a deployer. The bill would require, beginning January 1, 2030, and at least annually thereafter, a developer to submit their artificial intelligence systems to an independent third-party auditor to assess whether the developer has complied with the above-described provisions. The bill would require developers to make a summary of the audit publicly available on its internet website. The bill would specify that the department is not required to independently inspect, test, or evaluate the functionality of an artificial intelligence system. The bill would require, beginning January 1, 2027, developers to provide a report identifying compliance efforts with the above-described provisions to the department before making an artificial intelligence system commercially or publicly available to a deployer, as specified. The bill would require deployers, beginning January 1, 2027, to annually provide the department with a report identifying their efforts to comply with identification, mitigation, and monitoring requirements established pursuant to these provisions. The bill would require the department to make these reports available on its internet website.